1.8 million unique IPs communicated with just one of the threat's C&C servers

Feb 7, 2013 08:16 GMT

Security solutions provider Symantec and Microsoft have managed to disrupt Bamital, a botnet that has been successfully used by cybercriminals for click fraud operations.

According to Symantec, the malware that powers the botnet is designed to hijack search engine results and redirect victims to command and control (C&C) servers controlled by the attackers.

Cybercriminals can use it to make a profit because they can redirect users to any website they want. In addition, Bamital can click on advertisements without any interaction on the victim’s part.

Uncovered in late 2009, the threat has been mainly distributed via drive-by downloads and malicious files planted in peer-to-peer networks.

Bamital is not the largest click fraud botnet around, but it has still caused some serious damage.

In 2011, Symantec monitored one C&C server for a period of 6 weeks. During this timeframe, 1.8 million unique IP addresses connected to the server and experts found that around 3 million clicks were hijacked each day.

One noteworthy thing is that in click fraud campaigns, the monetary losses are borne by the advertisers because they’re actually paying for clicks and traffic that aren’t generated by real people. It’s believed that click fraud malware generates millions of dollars in profit for the underground economy.

For internet users, botnets such as Bamital affect their computers’ performance and their user experience.

Internet users who fear their computers might be infected with Bamital are advised to scan their systems with an updated antivirus. Norton Power Eraser is one of the recommended solutions, but most security products are capable of detecting and neutralizing the malware.

Symantec has published a whitepaper on Trojan Bamital. The report is available on the company’s website.

Here is a video which shows how Bamital generated profit for the cybercriminals by exploiting the online advertising model: